[prog] PHP script security
Cynthia Kiser
cnk at ugcs.caltech.edu
Thu Aug 14 09:03:21 EST 2003
Quoting Dan Richter <daniel.richter at wimba.com>:
> Since nobody has said this yet, let me add (for the record) that most of
> PHP+database security can be summed up in one function: AddSlashes. This
> function allows you to query and enter data without worrying about hackers
> and crackers.
OK I'll bite. How will escaping out ' and \ make you safe from
hackers? It prevents certain kinds of errors when inserting data into
the database - but only errors I would expect the database connector
to handle gracefully - unless you consider an error message containing
your (failed) insert statement a security risk (I have worked on
projects where that was considered unacceptable).
--
Cynthia N. Kiser
cnk at ugcs.caltech.edu
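To make the disagreement above concrete: the following is an added example, not code from either poster. It ports PHP's addslashes() to Python, then adds a small scanner (assumed MySQL-style single-quoted literals, where a backslash escapes the next character) that checks whether a value, after escaping, still sits entirely inside one string literal of the final query. That is all addslashes buys you: a quoted value stays a quoted value. When the placeholder is not inside quotes at all, the check reports that escaping did nothing for it. The last function shows the alternative Cynthia's point leads to, a parameterised query (here via Python's sqlite3 module), where the driver keeps the value as data and no escaping step is needed.

```python
"""Added example (not from the original thread): what addslashes()-style
escaping guarantees, and what it does not.
Assumptions: MySQL-style string-literal rules (backslash escapes, '' as an
escaped quote) and Python's sqlite3 module for the parameterised variant."""
import sqlite3


def addslashes(s):
    """Python port of PHP addslashes(): prefix ' " \\ and NUL with a backslash."""
    table = {"'": "\\'", '"': '\\"', "\\": "\\\\", "\0": "\\0"}
    return "".join(table.get(ch, ch) for ch in s)


def string_literals(sql):
    """Return (open_quote, close_quote) offsets of each single-quoted literal
    in sql. A backslash escapes the next character and '' is a literal quote.
    close_quote is len(sql) when the literal is never terminated."""
    spans = []
    i, n = 0, len(sql)
    while i < n:
        if sql[i] != "'":
            i += 1
            continue
        start = i
        i += 1
        while i < n:
            if sql[i] == "\\" and i + 1 < n:
                i += 2                      # escaped character, skip it
                continue
            if sql[i] == "'":
                if i + 1 < n and sql[i + 1] == "'":
                    i += 2                  # doubled quote, still inside
                    continue
                break                       # closing quote
            i += 1
        spans.append((start, i))
        i += 1
    return spans


def value_stays_data(template, value, escape=addslashes):
    """Substitute escape(value) for the single %s in template and report
    whether the whole substituted text lies inside one string literal.
    False means the value (or part of it) is parsed as SQL syntax."""
    escaped = escape(value)
    pos = template.index("%s")
    sql = template.replace("%s", escaped, 1)
    end = pos + len(escaped)
    return any(s < pos and end <= e for s, e in string_literals(sql))


def lookup_by_name(names, wanted):
    """Parameterised query: the driver binds `wanted` as data, so quotes and
    backslashes in it never reach the SQL parser. Uses an in-memory sqlite3 DB
    seeded with the constructed `names` list."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT)")
    con.executemany("INSERT INTO users VALUES (?)", [(n,) for n in names])
    rows = con.execute("SELECT name FROM users WHERE name = ?", (wanted,)).fetchall()
    con.close()
    return [r[0] for r in rows]


if __name__ == "__main__":
    quoted = "SELECT * FROM users WHERE name = '%s'"
    unquoted = "SELECT * FROM users WHERE id = %s"   # no quotes around the value
    print("quoted + addslashes :", value_stays_data(quoted, "O'Brien"))
    print("quoted, raw         :", value_stays_data(quoted, "O'Brien", escape=lambda s: s))
    print("unquoted + addslashes:", value_stays_data(unquoted, "42"))
    print("parameterised lookup:", lookup_by_name(["O'Brien", "Smith"], "O'Brien"))
```

Run it as a script to see the three checks side by side. The unquoted case is the caveat worth remembering: addslashes only keeps a value inside a string literal that was already there; it does not put quotes around anything, so a placeholder written without quotes gets no protection from it, whereas the parameterised query needs no such care.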